[ed.note: Below is the story of how the BlackNET came to be.]
CONFIDENTIAL - SENSITIVE
ATTORNEY WORK PRODUCT
FOR: Legal Counsel 30 October 2000
VIA: NCL, WRM, COPS, KR, C/ROGUE, DRCOL, EDJ, WHB, NEW, GUS, SR-6, BAR, BOJ, DPF
SUBJ: 'BLACKNET' Investigation #1
According to two special agents of the Federal Bureau of Investigation (FBI), someone affiliated with a loosely associated network of alleged "cyber-criminals" has appropriated my "cyber-identity" to commit apparently unauthorized access to NASA computer systems. Investigation to date reveals that this has apparently occurred, and it involves a "multi-agency," very secret investigation of the alleged perpetrators (one of whom I am apparently not). This alleged cyber-criminal network is further described by intelligence sources as very dangerous.
This report is a compilation and an expansion of two memoranda written on an internet-connected, AOL account "WSMfiles"-linked, Dell computer (Model Dimension 4100). This report is being written on my PBS-linked Macintosh PowerBook laptop (Model 520c). As far as can be determined to date, this matter apparently pertains to the time period of 1998-1999, and is not APPARENTLY related directly to my work on two rather sensitive cases for a Washington corporate security consulting group.
The first memorandum I wrote was dated 17 OCT 2000, and was entitled "FBI Visit." It stated in its entirety:
"Special Agents (SAs) Steven J. PANDELIDES and John T. CURRAN of the Washington Field Office (WFO), VA Branch, visited with me in the OpCenter for approximately 45 minutes at 10:00 am this morning. They stated that they are checking out a request from 'another office' about whether my computer or computer identities have apparently been appropriated via some method of 'cyber theft,' and employed to enter the NASA computer systems at the Johnson Space Center in Houston and their Goddard Space Flight Center facility in Greenbelt [MD]. This allegedly occurred sometime in 1998 or 1999. SA PANDELIDES had specified in a telcon message (recorded) on 16 OCT 2000 that I was apparently the 'unknowing victim of a computer-type intrusion.'
"During our meeting, the Special Agents inquired as to my programming proficiency, and they seemed most interested in LINUX. I informed the agents that the most important thing I knew about FORTRAN was 'rubber bands, since if you drop your IBM programming cards [while] standing in line to run your program, your program would quickly get out of order.' They asked about the operating system I used, (Mac OS 7.5 circa 1995). I informed the agents that I did have very sensitive 'proprietary information' on this computer, which they declined to examine (although it was on and sitting in front of me during the interview).
"They inquired if I recognized the following 'screen names' (I did not):
The special agents also inquired if I had ever participated in any "chat-rooms." To my certain knowledge, the true "WSMfiles@aol.com" has NEVER participated in any single chat-room, ever. The above listed screen names are apparently linked to some sort of "chat-room chat," as may well be the "WSMfiles" impostor(s).
The SAs also inquired as to any web sites I may have visited. I informed them that, to the best of my recollection, I had visited the following governmental sites:
NSA re: VENONA transcripts
NRO re: Satellite Coverage
NOAA re: Weather reports
DEPARTMENT OF LABOR
CENTRAL INTELLIGENCE AGENCY re: Country Reports
EQUAL EMPLOYMENT OPPORTUNITY COMMISSION
The SAs expressed no further interest, not even in the dates I may have visited the above listed sites (most all in 1997). I did explain to SA CURRAN that the NRO stood for the National Reconnaissance Office, which has recently employed a "PAO" (Public Affairs Officer).
SA John T. CURRAN, listed above, was subsequently physically described to me, (with no prompting or descriptions from me), by a source familiar with the Foreign Counter-Intelligence (FCI) operations of the WFO, down to his most recent haircut. SA CURRAN's FBI business card has his Washington WFO phone number crossed-out and a VA number handwritten in, unlike his counterpart, SA PANDELIDES.
After I physically escorted these two FBI SAs from the premises, I informed them that I would be happy to cooperate in any way on this investigation, and I would make all the services available that were mine to offer. My final words to these two SAs as they walked West on across L St. N.W. toward 17th, to their parking space, were: "Don't call me a confidential informant--just call me."
Pursuant to a spare-time investigation, I began to draft another memorandum on the same internet-connected, AOL account "WSMfiles"-linked, Dell computer. It was originally dated 25 OCT 2000, and entitled "The 'BLACK NETWORK' Investigation." It states, in rough-draft form, the following:
"Over the weekend [21-22 OCT 2000], I learned that there was a loosely organized group of apparent cyber-criminals going by the name of the "BlackNet." Some of these operators were arrested and prosecuted in 1999. They were former telephone company technicians and were able to re-route around some telephone company switching stations. These individuals would purloin confidential databases of credit card holders; telephone credit card accounts and virtually anything in any database anywhere believed to be of value. They sold this information over the internet to all sorts of customers, including P.I.s.
"This alleged criminal network frequently (and apparently gleefully), practiced what they described as 'social engineering.' Social engineering entails making pretext phone calls or cyber-visits wherein the hackers attempt to solicit information to attack the victims' computer systems. Some of these so-called 'social engineering' techniques are explored in a new book about cyber-crime:
[To] save [themselves] some time and trouble [hackers will] phone claiming to be from the "Help Desk" or "Tech Support"...Hackers revel in developing adroit 'social engineering' skills. They pose as telephone repair men, they pose as cable installers, they pose as long distance operators, they pose as co-workers you have never met. They cajole or bully you depending upon which they sense will get the best results. The questions they ask could be as simple as "What version of the operating system is installed on your system? We're doing an enterprise-wide update." The questions could be as brazen as "Could you tell me your password? We need to reconfigure your user account. There's been some file corruption and we can't retrieve your ID info..."
"In light of the above, I recalled an anomaly that would comport with an attempted 'social engineering' approach to my home. On Monday, 23 OCT 2000 (10:00 am), SA Steven J. PANDELIDES of the FBI WFO returned my page (Pager #202-592-7845; Cell #703-902-9812). I informed him that I had additional, possibly relevant information to impart. Specifically, approximately a year and a half ago (May 1999), a call was placed to my then rather recently installed third telephone line (703)524-5605. The caller inquired as to whether 'WSM Files' was a 'business.' When informed it was not, the caller seemed somewhat disappointed and hung up.
"SA PANDELIDES apparently took this information down. When I inquired as to the location of the 'another office' which had made the request to SA PANDELIDES' office to interview me, SA PANDELIDES declined to answer, stating that he would have the 'case agent' call me if the case agent deemed it 'necessary.' As of 4:00 PM, 25 OCT 2000, I have not been called.
"I inquired if this was the 'butt-end of the BlackNet case,' to which SA PANDELIDES did not respond. I further inquired as to the other 'victims,' and as to whether any of them were journalists, investigators or members of other, similar professions. SA PANDELIDES responded that there were indeed 'other victims,' but that he did not have that information and that the 'case agent' had that information.
[Not described to anyone, my AOL account at that time was charged monthly to a credit card issued by the USAA insurance company, which also provided my long-distance telephone carrier, U.S. Sprint, with "bonus points." My AOL WSMfiles account 'profile' does NOT contain any identifying data whatsoever. This obviously is how my new telephone number received a "WSM Files" social engineering phone call.]
"At 1:30 PM on 24 OCT 2000, I was contacted by a source formerly with No Such Agency, who informed me what he had been told by a former colleague now working at NASA. This source confirmed that the 'BlackNet' was the subject of a 'very large scale investigation.' The source further advised that this investigation was 'multi-agency,' involving NSA, NASA, FBI and other agencies not further specified. The source confirmed that this investigation commenced in 1998 and is 'still very current.' The members of this 'BLACKNET' are 'someone to be afraid of, very afraid.'
"The source added that this investigation is a 'very sensitive, close hold' case and it should not be disclosed to 'the media.' I informed the source that it was a little bit late considering the alleged nature and background of the actual 'WSM Files' AOL account holder circa 1998-1999.
"Another source, a frequent web browser and chat room participant, described for me on 24 OCT 2000 some of his own interesting troubles with his daughter's AOL account approximately one year ago."
[WSM DRAFT ENDS]
The above listed “AOL” source further described how he had an AOL account “for my kids. One day my daughter calls upstairs and says ‘will you please get off Dad.’ I was not on any AOL account; I never used it. So I instant messaged (IM) the account and asked ‘who are you?’ And the person wrote back that it was ‘none of your business.’ I asked ‘why are you on here,’ to which he responded ‘because I can.’ Then he wrote ‘try and stop me if you can’.”
“In the meantime,” this AOL source continued, “I had gotten AOL on the phone while I still had this intruder on the account. They told me they could see the intruder, but they refused to identify him. Subsequently, some people at my office told me that they never tried to contact me at home anymore because ‘you’re always on there’.” This AOL source checked with an online contact by the screen name of “WEDGE,” whose identity is known to another source of mine. WEDGE told the AOL source that his computer and his accounts were “completely owned,” and that he should change everything, which the AOL source subsequently did.
There must be hundreds, if not thousands, of other such cyber-theft victims. I will later check out the no doubt many anti-AOL web sites and chat rooms.
It does clearly appear that AOL has a rather significant cyber-security problem. According to the Washington Post, AOL has had its customer database data stolen on at least one RECENT occasion. "This [Microsoft break-in] is the second computer break-in at a major technology company that has been publicized in RECENT months. In JUNE, hackers using a similar METHOD [Trojan Horse e-mail] broke in to the BILLING SYSTEMS of the world's largest on-ramp to the information superhighway, Dulles-based AMERICA ONLINE INC., and pilfered names, addresses and other personal information."
The two FBI special agents who visited my home in Arlington apparently did not properly identify themselves to at least one of my neighbors. I was informed by my next door neighbor that TWO young men in "suits" identified themselves as "FBI agents" and displayed "IDs on chains hanging around their necks," NOT their formal wallet-style credentials. They informed my neighbor that "William Malone might be able to help us on a case." These two "FBI agents" also stated that they had "spoken to a neighbor across the street." After they left the first neighbor's home, "they went down and picked up a ticket off your car window, looked at it, and then put it back. [As observed by my neighbor], they then went back on your front porch and banged on the door again." (A canvass of immediate neighbors by me turned up no others who had talked to these agents.)
There was indeed a traffic citation on the windshield of my 1989 Jeep Grand Wagoneer for an expired inspection rejection sticker. Upon being informed of this fact, I retrieved the ticket (which had indeed been moved since I had previously placed it to cover-up the above mentioned rejection sticker). I carefully placed this citation into a plastic baggie, for later possible fingerprint identification should these two "agents" later have turned out not to have been bona fide Federal agents. It is apparently a federal felony to falsely pose as a federal agent.
When I informed a former federal law enforcement officer with the CIA's Office of Security and the Naval Investigative Service, and a recently retired Supervisory Special Agent (SSA) with the FBI, of the above statements from my neighbor, they advised the author on 9 OCT 2000 that these agents had not exercised proper federal investigative procedure and may, in fact, NOT be bona fide federal agents.
On 10 OCT 2000, I telephonically contacted the "Duty Officer for the week of October 10th" of the FBI's WFO (202-228-2000) and inquired if the WFO was looking for my assistance, if not my presence. The duty officer advised that she could not say “one way or the other.” When further advised of the situation with the neck “IDs” and the lack of business cards, the duty officer stated that the proper procedure was to file a complaint, which I did then and there telephonically.
I subsequently ascertained the name of the Assistant Special Agent in Charge (ASAC) of the WFO for "Administration--SHUBERT," along with the WFO's mailing address. On 16 OCT 2000, about the same time I received a voice message from SA PANDELIDES, I also received a voice message from a “Melissa MALOROW (PH) of the FBI” (Tel.703-762-3152). She did not return my voice mail message of the same date (after I had actually spoken to SA PANDELIDES and set up an appointment).
On 26 OCT 2000 (11:15 am), I spoke with SA PANDELIDES for a third time. He stated that he had “already conveyed your previous info” to “him,” the “case agent.” SA PANDELIDES stated that perhaps I should “file a complaint about the cyber-theft” I had experienced. When I reminded him that the real WSM-Files had been an investigative reporter for twenty-five years (I had already provided him with my resume), SA PANDELIDES advised that “you’re free to write whatever you want.”
It should also be noted that at NO TIME during their interview with me or during two subsequent telephone conversations, did the two FBI special agents advise me to change my AOL account name or password.
WSM-Memorandum, 10/17/00.
Confidential Source Interview, 10/10/00.
John T. Curran, FBI Business Card; Steven J. Pandelides, FBI Business Card; both received 10/17/00.
WSM-Interview with SAs Steven J. Pandelides and John T. Curran, 10/17/00.
Richard Power, Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace, Que-Macmillan, 2000, pp. 300-301.
WSM-Draft Memorandum, 10/25/00.
AOL Source Interview, 10/24/00.
Ariana Eunjung Cha and Carrie Johnson, Washington Post, 10/28/00.
Sue Cornwell, 728 N. Cleveland St. (Home Tel.703-528-2279), Interviews, 10/7/00; 10/17/00.
DPF & WTR Interviews, 10/9/00.
FBI-WSM Telcon, 10/26/00.
FBI-WSM Interview, 10/17/00; FBI-WSM Telcons, 10/23/00, 10/26/00. (Nor did I ask if I should.)
[ed.note: Almost eight years have passed since the BlackNET Intelligence Channel received its only public acclaim--when BKNT Members collectively and publicly called the day, if not the hour, that the perhaps ill-fated Operation Iraqi Freedom would commence. For the benefit of our newest Members, we rerun (and re-toot) the below March 19, 2003 UPI profile…]
Feature: BlackNet abuzz over Iraq showdown
By HIL ANDERSON
LOS ANGELES, March 19 (UPI) -- Ensconced at an undisclosed location in the lonely wooded mountains of West Virginia, the BlackNET has been abuzz in recent weeks as the United States prepares for the moment of truth in the Persian Gulf.
The pending invasion of Iraq and the possibility that it will bring new terrorist attacks to the United States has stoked the level of chatter on the Internet mailing list that has become a "must-have" for government officials, investigative reporters and world affairs scholars in the netherworld of international spooks.
"The consensus is that (Iraqi leader) Saddam (Hussein) is an eternal optimist," said Scott Malone, moderator and founder of the Web site dubbed "BlackNET," which was originally launched in Arlington, Va., in the immediate wake of the Sept. 11, 2001, suicide attack on the nearby Pentagon. "And (President) Bush is going to do exactly what he says."
Saddam's optimism is likely fading with American and British troops expected to be moving in on his dug-in military at any moment, but the imminent showdown has been the primary topic of discussion for months among the members of BlackNET who share a professional interest in the shadowy world of international terrorism.
"We picked up some Israeli chatter last week," Malone told United Press International on Monday in a telephone interview.
"It was some amateur radio buffs who were monitoring some U.S. fighter pilots who said the invasion was going to be on Tuesday."
The chatter appeared to have been off by a day, but it's the kind of fodder that makes BlackNET a font of tidbits and a plethora of analyses that go out to the membership list of roughly 100 in real time and uncensored and unfiltered by officials, editors and spokesmen.
"It's an interesting group," said Morgan Clements, a member of the list and publisher of the Web site TerroristWarning.com.
"They have a curious and uncanny awareness of things which are not always publicly available and are clearly a group of knowledgeable individuals working toward a common goal behind the scenes without getting or expecting credit for the information they provide."
Malone, a multiple Emmy and Peabody award-winning investigative reporter who chronicled Middle East intrigue and the Branch Davidian siege at Waco, Texas, for the Public Broadcasting Corp. series "Frontline," says he limited BlackNET's membership to others who work in the field of intelligence gathering or homeland security, or those in ancillary fields such as public healthcare and cyber-security.
The members are all assigned a code number that keeps them both anonymous and protected against both repercussions from their bosses and static from Web surfers who have little to offer to the discussion other than a political ax to grind.
"It's like belonging to a secret club," he joked.
"The cachet of BlackNET is that you are part of a team; it's a cooperative of online investigations," Malone said. "I began this site to sell it to security firms, but then changed my mind. If it were to go public, we wouldn't be the same thing."
BlackNET's steady stream of news items and instant analysis ranges from hot tips from the Pentagon, Kremlin and Pakistan to reports of menacing military aircraft in the skies around Washington that are no doubt on official business.
The network's favorite investigative reporters and columnists are regularly posted, including UPI's Arnaud de Borchgrave and Jim Hoagland of The Washington Post.
Members both comment on items posted by Malone and contribute their own scoops on topics that include Iraq and suspected terrorist mastermind Osama bin Laden, as well as homegrown bio-terrorism and the hunt for the Beltway snipers.
Malone boasted that BlackNET scooped the mainstream media by a week when a member named Richard M. Smith made inquiries to facial-recognition and biometric companies and was able to confirm the identity of a Pakistani arrest photo of al-Qaida commander Khalid Sheikh Mohammad.
Smith e-mailed the FBI's wanted poster photo of the suspect to several biometric companies and asked them to compare it to the now-famous arrest photo of the disheveled sleepy man that had some Pakistani media questioning whether or not the correct man had been arrested.
"The BlackNET posted a story by one of its members (Smith) who had made the Internet inquiries," Malone said. "One week later, The New York Times did a story about it, using the same biometric company that BlackNET member Smith had used."
Reports are corroborated as far as possible, but the attraction to BlackNET is the raw intelligence that members want to digest before it hits the evening news regardless of how it pans out in the long run.
"It's witty and sometimes even funny," observed member Roger Twinning. "It's a strange, overly informed and timely mutant (newswire)."
Being described as a "mutant" might not seem like high praise, but the White House said after Sept. 11 that the war on terrorism would sometimes be carried on outside the view of the mainstream media, and that might give the myriad BlackNET members a leg up on everyone else.
Malone said: "It's a cooperative of online investigations. The BlackNET members are mostly hawks -- but the point is that I have left-wingers, right-wingers, hawks and doves as members; I have Jewish radicals and Islamic fundamentalists as members."
Information about BlackNet is available on the Internet at home.earthlink.net/wsmfiles. [No longer extant.]
United Press International
[Information contained in BKNT E-mail is considered Attorney-Client and Attorney Work Product privileged, copyrighted and confidential. Views that may be expressed are those of the author(s) and do not necessarily reflect those of any government, agency, or news organization.]